主页
产品
Ansible on Clouds
2.3
来自 AWS Marketplace 的 Red Hat Ansible Automation Platform 指南
2.2. IAM 策略

2.2. IAM 策略

您的 AWS 帐户必须具有 Identity and Access Management (IAM) 权限才能创建和管理 AWS Marketplace 部署，如应用程序基础架构所述。

您的 AWS 帐户还需要相关的授权以部署来自 AWS Marketplace 的 Ansible Automation Platform。

如果您的 IAM 策略限制了这些资源的部署和管理，应用程序将无法部署。

应用程序有两个部署选项：

使用新的 VPC 部署
使用现有 VPC 部署

下表包含必要的 IAM 策略列表：

Expand

对于使用新 VPC 的部署	对于使用现有 VPC 的部署
受管策略 AWSMarketplaceFullAccess	受管策略 AWSMarketplaceFullAccess
CloudFormation 内联 IAM 策略 cloudformation:DeleteStack cloudformation:CreateUploadBucket cloudformation:CreateStack cloudformation:UpdateStack cloudformation:GetTemplateSummary cloudformation:ListStacks cloudformation:GetStackPolicy cloudformation:DescribeStacks cloudformation:ListStackResources cloudformation:DescribeStackEvents	CloudFormation 内联 IAM 策略 cloudformation:DeleteStack cloudformation:CreateUploadBucket cloudformation:CreateStack cloudformation:UpdateStack cloudformation:GetTemplateSummary cloudformation:ListStacks cloudformation:GetStackPolicy cloudformation:DescribeStacks cloudformation:ListStackResources cloudformation:DescribeStackEvents
S3 内联 IAM 策略 s3:CreateBucket s3:PutObject s3:GetObject	S3 内联 IAM 策略 s3:CreateBucket s3:PutObject s3:GetObject
IAM 内联 IAM 策略 iam:DetachRolePolicy iam:RemoveRoleFromInstanceProfile iam:DeleteInstanceProfile iam:DeleteRolePolicy iam:CreateRole iam:PutRolePolicy iam:DeleteRole iam:AttachRolePolicy iam:CreateInstanceProfile iam:AddRoleToInstanceProfile iam:PassRole iam:ListRoles iam:GetRolePolicy iam:TagRole	IAM 内联 IAM 策略 iam:DetachRolePolicy iam:RemoveRoleFromInstanceProfile iam:DeleteInstanceProfile iam:DeleteRolePolicy iam:CreateRole iam:PutRolePolicy iam:DeleteRole iam:AttachRolePolicy iam:CreateInstanceProfile iam:AddRoleToInstanceProfile iam:PassRole iam:ListRoles iam:GetRolePolicy iam:TagRole
SecretsManager 内联 IAM 策略 secretsmanager:DeleteSecret secretsmanager:GetSecretValue secretsmanager:GetRandomPassword secretsmanager:CreateSecret secretsmanager:TagResource secretsmanager:PutSecretValue	SecretsManager 内联 IAM 策略 secretsmanager:DeleteSecret secretsmanager:GetSecretValue secretsmanager:GetRandomPassword secretsmanager:CreateSecret secretsmanager:TagResource secretsmanager:PutSecretValue
RDS 內联 IAM 策略 rds:DeleteDBSubnetGroup rds:DeleteDBInstance rds:CreateDBSubnetGroup rds:AddTagsToResource rds:CreateDBInstance rds:DescribeDBSubnetGroups rds:DescribeDBInstances	RDS 內联 IAM 策略 rds:DeleteDBSubnetGroup rds:DeleteDBInstance rds:CreateDBSubnetGroup rds:AddTagsToResource rds:CreateDBInstance rds:DescribeDBSubnetGroups rds:DescribeDBInstances
Elastic File System 內联 IAM 策略 elasticfilesystem:DeleteFileSystem elasticfilesystem:DeleteMountTarget elasticfilesystem:DeleteAccessPoint elasticfilesystem:CreateFileSystem elasticfilesystem:CreateAccessPoint elasticfilesystem:CreateMountTarget elasticfilesystem:DescribeFileSystems elasticfilesystem:DescribeFileSystemPolicy elasticfilesystem:DescribeBackupPolicy elasticfilesystem:DescribeLifecycleConfiguration elasticfilesystem:DescribeAccessPoints elasticfilesystem:DescribeMountTargets	Elastic File System 內联 IAM 策略 elasticfilesystem:DeleteFileSystem elasticfilesystem:DeleteMountTarget elasticfilesystem:DeleteAccessPoint elasticfilesystem:CreateFileSystem elasticfilesystem:CreateAccessPoint elasticfilesystem:CreateMountTarget elasticfilesystem:DescribeFileSystems elasticfilesystem:DescribeFileSystemPolicy elasticfilesystem:DescribeBackupPolicy elasticfilesystem:DescribeLifecycleConfiguration elasticfilesystem:DescribeAccessPoints elasticfilesystem:DescribeMountTargets
EC2 内联 IAM 策略 ec2:RevokeSecurityGroupEgress ec2:RevokeSecurityGroupIngress ec2:DescribeKeyPairs ec2:CreateSecurityGroup ec2:DescribeSecurityGroups ec2:DeleteSecurityGroup ec2:CreateTags ec2:AuthorizeSecurityGroupEgress ec2:AuthorizeSecurityGroupIngress ec2:DescribeInstances ec2:CreateVpc ec2:DescribeVpcs ec2:DeleteVpc ec2:CreateSubnet ec2:DeleteSubnet ec2:DescribeSubnets ec2:DeleteSubnetCidrReservation ec2:AssociateSubnetCidrBlock ec2:DisassociateSubnetCidrBlock ec2:CreateSubnetCidrReservation ec2:GetSubnetCidrReservations ec2:DescribeAvailabilityZones ec2:CreateRouteTable ec2:DeleteRouteTable ec2:CreateRoute ec2:DeleteRoute ec2:CreateInternetGateway ec2:DeleteInternetGateway ec2:DescribeInternetGateways ec2:AttachInternetGateway ec2:DetachInternetGateway ec2:AssociateRouteTable ec2:DescribeRouteTables ec2:DisassociateRouteTable ec2:ModifyVpcAttribute ec2:DescribeAccountAttributes ec2:DescribeAddresses ec2:AssociateAddress ec2:DisassociateAddress ec2:DescribeAddressesAttribute ec2:ModifyAddressAttribute ec2:AssociateNatGatewayAddress ec2:DisassociateNatGatewayAddress ec2:CreateNatGateway ec2:DeleteNatGateway ec2:DescribeNatGateways ec2:AllocateAddress ec2:ReleaseAddress	EC2 内联 IAM 策略 ec2:RevokeSecurityGroupEgress ec2:RevokeSecurityGroupIngress ec2:DescribeKeyPairs ec2:CreateSecurityGroup ec2:DescribeSecurityGroups ec2:DeleteSecurityGroup ec2:CreateTags ec2:AuthorizeSecurityGroupEgress ec2:AuthorizeSecurityGroupIngress ec2:DescribeInstances
自动扩展内联 IAM 策略 autoscaling:CreateLaunchConfiguration autoscaling:CreateAutoScalingGroup autoscaling:DeleteLaunchConfiguration autoscaling:UpdateAutoScalingGroup autoscaling:DeleteAutoScalingGroup autoscaling:DescribeAutoScalingGroups autoscaling:DescribeLaunchConfigurations autoscaling:DescribeScalingActivities autoscaling:DescribeAutoScalingInstances	自动扩展内联 IAM 策略 autoscaling:CreateLaunchConfiguration autoscaling:CreateAutoScalingGroup autoscaling:DeleteLaunchConfiguration autoscaling:UpdateAutoScalingGroup autoscaling:DeleteAutoScalingGroup autoscaling:DescribeAutoScalingGroups autoscaling:DescribeLaunchConfigurations autoscaling:DescribeScalingActivities autoscaling:DescribeAutoScalingInstances
elasticloadbalancing 內联 IAM 策略 elasticloadbalancing:CreateTargetGroup elasticloadbalancing:ModifyTargetGroupAttributes elasticloadbalancing:DeleteTargetGroup elasticloadbalancing:AddTags elasticloadbalancing:CreateLoadBalancer elasticloadbalancing:ModifyLoadBalancerAttributes elasticloadbalancing:DescribeTargetGroups elasticloadbalancing:DescribeListeners elasticloadbalancing:CreateListener elasticloadbalancing:DeleteListener elasticloadbalancingv2:DeleteLoadBalancer elasticloadbalancingv2:DescribeLoadBalancers	elasticloadbalancing 內联 IAM 策略 elasticloadbalancing:CreateTargetGroup elasticloadbalancing:ModifyTargetGroupAttributes elasticloadbalancing:DeleteTargetGroup elasticloadbalancing:AddTags elasticloadbalancing:CreateLoadBalancer elasticloadbalancing:ModifyLoadBalancerAttributes elasticloadbalancing:DescribeTargetGroups elasticloadbalancing:DescribeListeners elasticloadbalancing:CreateListener elasticloadbalancing:DeleteListener elasticloadbalancingv2:DeleteLoadBalancer elasticloadbalancingv2:DescribeLoadBalancers
SNS 内联 IAM 策略 sns:ListTopics	SNS 内联 IAM 策略 sns:ListTopics

返回顶部

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务，以及可以信赖的内容，帮助红帽用户创新并实现他们的目标。了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情，请参阅红帽博客.

關於紅帽

我们提供强化的解决方案，使企业能够更轻松地跨平台和环境（从核心数据中心到网络边缘）工作。

Theme

© 2025 Red Hat